A Spotlight on Security
Hi there. Welcome to “A Spotlight on Security” issue no. 36. This time you can expect new information on the Confluence exploit, the first victim of the UK Online Safety Bill and new frightening numbers on Ransomware attacks.
Confluence exploit - Microsoft has a suspect
Microsoft researchers have identified a 'nation-state threat actor', known as Storm-0062 or DarkShadow, behind the zero-day exploits targeting Atlassian's Confluence Data Center and Server products, Security Week reports. The ongoing attacks were linked to this advanced persistent threat (APT) group, and Microsoft warned that malicious activity dates back to September 14, which is three weeks before Atlassian publicly disclosed the issue. The APT group Storm-0062, associated with cyberespionage operations for China’s Ministry of State Security, has been exploiting CVE-2023-22515, disclosed on October 4, 2023.
Encryption under threat - Meta vs. UK Government
Immediately after gaining parliamentary approval for the Online Safety Bill, the UK government is intensifying its efforts to discourage Meta from implementing end-to-end encryption (E2EE) on Facebook Messenger and Instagram TechCrunch reports. The Home Secretary emphasized that any such rollout should include unspecified "safety measures" to enable law enforcement to detect child sexual abuse material (CSAM) while safeguarding user privacy.
?? Join our New Full-Scale Tresorit Infosec Insider Monthly ??
Tresorit is proud to introduce to you the new big sister of the LinkedIn newsletter you're currently reading – “Tresorit InfoSec Insider”. It's an extended overview for the daily work of digital leaders and security professionals.
This is what you get:
Sign up now, and you'll get “Tresorit InfoSec Insider” conveniently delivered to your email inbox once a month, free of charge.
领英推荐
First half of 2023 sees more ransomware attacks than all of 2022
A recent report by Deep Instinct analyzed cyber threats in the first half of 2023, revealing a surge in ransomware victims compared to the entire year of 2022. The report highlighted the persistent use of Ransomware as a Service (RaaS) by threat actors, reports Security Magazine.
The report also identified Russia as a prominent global threat actor, particularly in the aftermath of cyberattacks in 2022, including those targeting Ukrainian government websites, organizations, and companies. Noteworthy Russian groups like Sandworm, Callisto, and Gamaredon continued their campaigns against Ukraine in the first half of 2023.
Webinar: Compliance without Compromise
Modern CISOs must juggle the ever-changing compliance requirements, determined data criminals and ensure their workforce remain productive. What do we need to create a safe environment where collaboration is not compromised, and creativity can flourish. Join our webinar 'Compliance without Compromise' to explore how forward-thinking companies can maintain efficiency and functionality and avoid the scourge of shadow IT.
The host, Péter Budai is Tresorit's Chief Technology Officer (CTO) renowned for his expertise in developing secure solutions that rely on strong end-to-end encryption. With a strong focus on both security and usability, Peter enables organizations to protect their data while maintaining exceptional user experiences.
If you don’t want to miss out, you can sign up here. Should you be not able to make it to the webinar, you will find a recorded version soon on our website.
?2023 Industry Events Outlook
?? GDS Group, CIO Summit Europe, October 17-19, online
?? GDS Group, CIO Summit USA, December 5-7, online
About us
Tresorit?is a Swiss-Hungarian zero-knowledge encrypted cloud platform helping teams of all sizes collaborate the safe and easy way. It is designed to safeguard the digital valuables of organizations and individuals with highest classification.
Thanks for reading. See you again here at “A Spotlight on Security” the week after next.